[staticassertion]

> On hardened targets and Firecracker specifically, here's a recent vulnerability found by "Anthropic": https://aws.amazon.com/security/security-bulletins/2026-015-...

Yep. It's notable that they failed to exploit it.

> but there are plenty of projects that managed to fuzz/test/audit their way to making it much harder to find serious vulnerabilities

Agreed! But I think those projects have certain things in common, like being tightly scoped, slowly developed, and built with safety in mind from day 1.

I don't think that any of the projects that have managed to meaningfully improve safety through fuzzing have the same qualities as projects like Firefox, Linux, etc.